cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

load_policy.c (2616B)

      1// SPDX-License-Identifier: GPL-2.0
      2/*
      3 * security/tomoyo/load_policy.c
      4 *
      5 * Copyright (C) 2005-2011  NTT DATA CORPORATION
      6 */
      7
      8#include "common.h"
      9
     10#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
     11
     12/*
     13 * Path to the policy loader. (default = CONFIG_SECURITY_TOMOYO_POLICY_LOADER)
     14 */
     15static const char *tomoyo_loader;
     16
     17/**
     18 * tomoyo_loader_setup - Set policy loader.
     19 *
     20 * @str: Program to use as a policy loader (e.g. /sbin/tomoyo-init ).
     21 *
     22 * Returns 0.
     23 */
     24static int __init tomoyo_loader_setup(char *str)
     25{
     26	tomoyo_loader = str;
     27	return 1;
     28}
     29
     30__setup("TOMOYO_loader=", tomoyo_loader_setup);
     31
     32/**
     33 * tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists.
     34 *
     35 * Returns true if /sbin/tomoyo-init exists, false otherwise.
     36 */
     37static bool tomoyo_policy_loader_exists(void)
     38{
     39	struct path path;
     40
     41	if (!tomoyo_loader)
     42		tomoyo_loader = CONFIG_SECURITY_TOMOYO_POLICY_LOADER;
     43	if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) {
     44		pr_info("Not activating Mandatory Access Control as %s does not exist.\n",
     45			tomoyo_loader);
     46		return false;
     47	}
     48	path_put(&path);
     49	return true;
     50}
     51
     52/*
     53 * Path to the trigger. (default = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER)
     54 */
     55static const char *tomoyo_trigger;
     56
     57/**
     58 * tomoyo_trigger_setup - Set trigger for activation.
     59 *
     60 * @str: Program to use as an activation trigger (e.g. /sbin/init ).
     61 *
     62 * Returns 0.
     63 */
     64static int __init tomoyo_trigger_setup(char *str)
     65{
     66	tomoyo_trigger = str;
     67	return 1;
     68}
     69
     70__setup("TOMOYO_trigger=", tomoyo_trigger_setup);
     71
     72/**
     73 * tomoyo_load_policy - Run external policy loader to load policy.
     74 *
     75 * @filename: The program about to start.
     76 *
     77 * This function checks whether @filename is /sbin/init , and if so
     78 * invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init
     79 * and then continues invocation of /sbin/init.
     80 * /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and
     81 * writes to /sys/kernel/security/tomoyo/ interfaces.
     82 *
     83 * Returns nothing.
     84 */
     85void tomoyo_load_policy(const char *filename)
     86{
     87	static bool done;
     88	char *argv[2];
     89	char *envp[3];
     90
     91	if (tomoyo_policy_loaded || done)
     92		return;
     93	if (!tomoyo_trigger)
     94		tomoyo_trigger = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER;
     95	if (strcmp(filename, tomoyo_trigger))
     96		return;
     97	if (!tomoyo_policy_loader_exists())
     98		return;
     99	done = true;
    100	pr_info("Calling %s to load policy. Please wait.\n", tomoyo_loader);
    101	argv[0] = (char *) tomoyo_loader;
    102	argv[1] = NULL;
    103	envp[0] = "HOME=/";
    104	envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
    105	envp[2] = NULL;
    106	call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC);
    107	tomoyo_check_profile();
    108}
    109
    110#endif